JernejL

Documenting GTA-SA memory addresses


{0x90, 0x90};
does anybody know where the address is that checks if you are in the water?

cause i want to add something for my trainer, that you can swim in the air smile.gif .

 

[edit]

k ... did not find what i wanted ... but the opposite:

6c2756

if you change this location into:

b0 00 90 90 90 90 (mov al,0)

 

you can walk under water (unfortunately ... it does not work the other way(you can not set it to 1 to swim in air))

[/edit]

 

[edit]

also found another location ... if you set:

 

code :00681b0d - 74 44 - je 00681b53

to:

code :00681b0d - EB 44 - jmp 00681b53

 

then jumping is disabled ...

(no idea if this is useful for somebody ...)

[/edit]

thanks CrazyT, btw:

 

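    #include <windows.h>
    #include <string.h>

    /* Fill `bytes` bytes at `address` with the value `type`, lifting page protection for the write. */
    void patch_(PVOID address, int type, int bytes)
    {
        DWORD d, ds;
        VirtualProtect(address, bytes, PAGE_EXECUTE_READWRITE, &d);
        memset(address, type, bytes);
        VirtualProtect(address, bytes, d, &ds);   /* restore the previous protection */
    }

    void WalkWat(bool on)
    {
        if (on == true) {
            patch_((PVOID)0x6C2759, 0x01, 1);
        } else {
            patch_((PVOID)0x6C2759, 0x00, 1);
        }
    }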

 

 

on = you can Walk/Drive/Fly under water

off = restore it

CrazyT

thx ... but i already knew that.

the problem is that i still found no way to set swim-mode over the water.

whatever ... i found a new address:

0xc97c28 = lpd3ddevice

at that address the prog saves the directxdevice.

(normally created by:

    lpd3d:=Direct3DCreate9(D3D_SDK_VERSION);
    lpd3d.CreateDevice(D3DADAPTER_DEFAULT,
                       D3DDEVTYPE_HAL,
                       Handle,
                       vp,
                       d3dpp,
                       lpd3ddevice);

as example)

so you can directly draw things on the directxwindow.

well the best thing to do is to hook the present-command of the device, that is how i did it.

maybe i will upload an example source later.

you can get the device in Delphi with:

    lpd3ddevice := IDirect3DDevice9(Pointer($c97c28)^);

{0x90, 0x90};

there's a better way to do it, using GetProcAddress....but whatever floats ur boat.

CrazyT

i guess you did not understand my last post ... very sad.

Well btw. it did not have anything to do with the thing i first wanted (flying in the sky with swim animation).

With this dx-object you can directly create own objects into the gta-world.

(only problem that might exist is, that they have no collision data and no physics)

Don't know how you would get the address with GetProcAddress cause you only can get library-functions with that -_-'

{0x90, 0x90};

004571e8 - start of function having to do with how much money a ped drops (read only, this is only after they are dead and dropped the money)

Edited by {0x90, 0x90};

OnanManiak

Hi guyz, i need a little help but my english is not good sad.gif I need to disable the new game title in the main menu, what must i modify ??? (i am working in hiew).

I need this for multiplayer, because i delete unneeded files (single player, for more hard drive space)

Thanx for answer guyz rolleyes.gif

CrazyT

did not understand you, sorry.

btw, have some new addresses:

0055555E E8 7D751D00 call gta_sa.0072CAE0 -> ""(draw with normal textures)

00555664 |. E8 77741D00 call gta_sa.0072CAE0 -> ""(draw with low textures)

if you nop the functions at those locations you will nearly see an empty area, so i guess that is the function that is important for drawing the scene.

found it by trying to find a way to insert own objects dynamically.

 

OnanManiak
did not understand you, sorry.

btw, have some new addresses:

0055555E E8 7D751D00 call gta_sa.0072CAE0 -> ""(draw with normal textures)

00555664 |. E8 77741D00 call gta_sa.0072CAE0 -> ""(draw with low textures)

if you nop the functions at those locations you will nearly see an empty area, so i guess that is the function that is important for drawing the scene.

found it by trying to find a way to insert own objects dynamically.

I must disable (or erase) "New Game" title in game, i can modify exe file (gta_sa.exe) but i must know where the address is located, do you know this address ??

 

{0x90, 0x90};

CPed +0x584 = Current Entity you are in contact with [DWORD] = ptr to _ANYTHING_ you are standing on.

 

= [map object data?]

 

 

    #include <stdint.h>

    struct object_instance
    {
        void     *some_pointer;  /* pointer to the actual 3d model data perhaps? */
        float    origin[3];      /* 3d coordinates */
        uint32_t unknown1;       /* always 0x80? (could be a float, actually...) */
        float    *matrix;        /* direct3d transformation matrix (16 floats) */
        void     *unknown1b;     /* could be a pointer... */
        uint32_t unknown2[3];
        void     *unknown3;      /* pointer to something */
        uint32_t timer;
        uint32_t unknown4[2];
        /* teh end */
    };

 

CrazyT

@OnanManiak:

005798E2 C74424 24 00000000 mov dword ptr ss:[esp+24], 0

 

change that into:

 

005798E2 C74424 24 01000000 mov dword ptr ss:[esp+24], 1

 

although i still do not know why you want to disable to start a new game.

 

[edit]

hmm ... well this makes the option invisible ... but you can click on it.

also this method deletes the continue-option and maybe other options.

Maybe there exists a better way, but did not find one till now

Maybe you can just replace the "FEP_STG" with another text in gta_sa.exe cause that is the reference to the text ... but that would just replace the text.

[/edit]

Edited by CrazyT

OnanManiak
@OnanManiak:

005798E2 C74424 24 00000000 mov dword ptr ss:[esp+24], 0

 

change that into:

 

005798E2 C74424 24 01000000 mov dword ptr ss:[esp+24], 1

 

although i still do not know why you want to disable to start a new game.

 

[edit]

hmm ... well this makes the option invisible ... but you can click on it.

also this method deletes the continue-option and maybe other options.

Maybe there exists a better way, but did not find one till now

Maybe you can just replace the "FEP_STG" with another text in gta_sa.exe cause that is the reference to the text ... but that would just replace the text.

[/edit]

I need to disable this because i made a multiplayer version of sa. I deleted unneeded files, but if i click on new game, the game will crash.

I start game with multiplayer client smile.gif not gta_sa.exe

Thanx man i will try it.

 

OnanManiak

Hmm i don't know how i can modify this value, i am using hiew and i see this:

 

user posted image

 

i can only modify second column

OnanManiak

DELETE ME ... Sorry for double post

Edited by OnanManiak

CrazyT

somebody should delete this doublepost wink.gif

 

Well ... you try to make a multiplayergame?

But there are already such mods available for gta.

(Btw. changing the exe itself is normally not allowed i think.)

Whatever i can tell you how to change it in hiew.

i guess this does not really fit into the topic of this whole thread but i will answer you:

you see on bottom the menupoints you have:

3 Edit means that you must press f3 to edit the code on the position.

After that there should appear a new menu that allows you to edit the asmcode.

(can't remember what key you must press)

well then you can edit it.

But like i said before ... my version to fix the menu does not really work.

(you can still click on the invisible item and other menuitems do disappear, too)

jarjar
somebody should delete this double post wink.gif

It was actually 3 posts, and they're normally not deleted. And they're more than likely due to the server errors we're having anyway.

CrazyT

heh ... i know, i already recognized that the server sometimes does not have the best performance.

 

found some new address:

 

on:

B99EB8 starts an array of pointers.

those pointers lead to other arrays of pointers.

those pointers lead to a dword followed by the x,y,z coordinates of objects.

well those coordinates seem to be readonly for some reason.

i tried to set them, but with no luck. (the object/building still keeps its place).

btw. found that offset on that location:

00554B54 . 8D1495 B89EB9>lea edx, dword ptr ds:[edx*4+B99EB8]

just in case that you maybe find out more.

also i wonder about the dword ... can be a type definition, but the rotation matrix would be missing then hmm.

maybe that map of arrays is just used for another thing, but don't know for what.

 

[EDIT]

k,thx {0x90, 0x90}; ... i found an array of the objects where you can change the position.(maybe only collisiondata or something like that ... for some reason low quality textures keep in place if you move the object)

 

B75898 is the array of pointers to an objectstructure that {0x90, 0x90}; already described.

[/EDIT]

[EDIT]

tested and tested ... and found out that it is only collisiondata.

the strange thing is that the position of the object changes in memory although it does not change position.

(maybe it is relative to something? maybe to the player? don't know)

[/EDIT]


Edited by CrazyT

OnanManiak

@CrazyT

 

Thanx man,i understand you,thanx for help.

{0x90, 0x90};

Hmm, it seems like all objects (peds, vehicles, buildings...) share the same base structure.

 

They all start with something that looks like a valid pointer (which probably defines the object type)...

Followed by 3 floats (coordinates, 0x0x0 for peds)

A pointer to a transformation matrix at offset +20.

A timer at offset +44...

 

Edit: Interior ID at +47?

 

Edit: Added interior ID to my struct. (If you change it, the building is "teleported" to the set interior ID.)

 

 

    #include <stdint.h>

    struct building
    {
        void     *some_pointer;  /* data type identifier? (it's the same for all building objects).. but it's also a valid pointer */
        float    origin[3];      /* 3d coordinates */
        uint32_t unknown1;       /* always 0x80? (could be a float...) */
        float    *matrix;        /* pointer to a direct3d transformation matrix (16 floats) */
        void     *unknown2;      /* pointer to (unknown) 3d stuff */
        uint32_t unknown3[3];
        void     *unknown4;      /* pointer to something */
        uint16_t timer;
        uint8_t  unknown5;
        uint8_t  interior_id;    /* interior ID */
        void     *building;      /* pointer to another building object (don't know why) */
        uint32_t unknown6;
        /* teh end */
    };

 

 

One reason why the building positions do not change, might be because they've already been "uploaded" to Direct3D. I know almost nothing about Direct3D, but OpenGL has something called "display lists", where you can store pretty much anything... including positions, etc.

Edited by {0x90, 0x90};

DEagle50AE

Finally!

While working on a hunter / hydra mod, I (finally!) found the addresses of the rockets launched by the hunter and hydra.

 

0xC891A8 is the rocket pool start. Each slot has 0x24 (36) bytes of data.

+0x00 - [DWORD] 19 for non-heatseeking rockets, 20 for heatseeking, 58 for flares

+0x04 - [DWORD] pointer to launching vehicle

+0x08 - [DWORD] pointer to target vehicle (when heatseeking), 0 otherwise

+0x0C - Unknown

+0x10 - [byte] 1 = rocket travelling, 0 = rocket exploded / does not exist

+0x11 - Unknown

+0x14 - [Float] is the X position

+0x18 - [Float] is the Y position

+0x1C - [Float] is the Z position

+0x20 - Unknown

 

Max number of elements in the pool is 32.

Please confirm those addresses... tounge.gif

 

Hope i've helped! biggrin.gif

Edited by DEagle50AE

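The slot layout DEagle50AE lists above, as an added example (not code from the thread): a C parser that decodes 0x24-byte slots from a memory dump taken at the pool base, reading every field little-endian so 32-bit game pointers are handled on any host. The function names and the sample dump bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Figures from the post: pool base, slot size, slot count, type codes. */
#define ROCKET_POOL_BASE  0xC891A8u
#define ROCKET_SLOT_SIZE  0x24u
#define ROCKET_POOL_SLOTS 32u
enum { ROCKET_PLAIN = 19, ROCKET_HEATSEEK = 20, ROCKET_FLARE = 58 };

typedef struct {
    uint32_t type;      /* +0x00 */
    uint32_t launcher;  /* +0x04, 32-bit game pointer kept as an integer */
    uint32_t target;    /* +0x08, 0 unless heatseeking */
    uint8_t  active;    /* +0x10, 1 = travelling */
    float    pos[3];    /* +0x14 X, +0x18 Y, +0x1C Z */
} rocket_slot;

static uint32_t rd_u32le(const uint8_t *p) {
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

static float rd_f32le(const uint8_t *p) {
    uint32_t bits = rd_u32le(p);
    float f;
    memcpy(&f, &bits, sizeof f);  /* assumes the host uses IEEE-754 floats */
    return f;
}

/* Decode slot `index` of a dump starting at the pool base; -1 if out of range. */
int rocket_slot_parse(const uint8_t *dump, size_t len, unsigned index,
                      rocket_slot *out) {
    size_t off = (size_t)index * ROCKET_SLOT_SIZE;
    if (index >= ROCKET_POOL_SLOTS || len < off + ROCKET_SLOT_SIZE) return -1;
    const uint8_t *s = dump + off;
    out->type     = rd_u32le(s + 0x00);
    out->launcher = rd_u32le(s + 0x04);
    out->target   = rd_u32le(s + 0x08);
    out->active   = s[0x10];
    for (int i = 0; i < 3; i++) out->pos[i] = rd_f32le(s + 0x14 + 4 * i);
    return 0;
}

/* Count slots whose +0x10 flag says the rocket is still travelling. */
unsigned rocket_count_active(const uint8_t *dump, size_t len) {
    unsigned n = 0;
    rocket_slot r;
    for (unsigned i = 0; rocket_slot_parse(dump, len, i, &r) == 0; i++)
        n += (r.active == 1);
    return n;
}

/* Constructed sample: two slots (a live heatseeker, a spent flare). */
const uint8_t SAMPLE_DUMP[2 * ROCKET_SLOT_SIZE] = {
    0x14,0,0,0, 0x10,0,0,0x0A, 0x20,0,0,0x0A, 0,0,0,0, 1,0,0,0,
    0,0,0xC8,0x42, 0,0,0x4A,0xC2, 0,0,0x40,0x41, 0,0,0,0,
    0x3A,0,0,0, 0x10,0,0,0x0A, /* rest of slot 1 is zero-filled */
};

int main(void) {
    printf("pool at 0x%X, active rockets in sample: %u\n", ROCKET_POOL_BASE,
           rocket_count_active(SAMPLE_DUMP, sizeof SAMPLE_DUMP));
    return 0;
}
```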
AK-73

 

Hmm, it seems like all objects (peds, vehicles, buildings...) share the same base structure.

 

They all start with something that looks like a valid pointer (which probably defines the object type)...

Followed by 3 floats (coordinates, 0x0x0 for peds)

A pointer to a transformation matrix at offset +20.

A timer at offset +44...

 

 

 

That's something that's surprising me to see still. With all those able coders out there, no one seems to have pointed out yet that the first dword in an object of a given class holds the VMT, the virtual method table. It simply points to a table with function pointers for all methods defined on objects of this class, so you can use that too if you know the purpose and parameters of each method. smile.gif

 

Alex

 

.cuBe

Bypassing the 8 player limit in GTA:SA

Write the following bytes:

 

0060D64D: E9 9D 00 00 00 90

 

A function involved in the create_player process (0x005FBB70) is called twice for some odd reason. The crash occurs as a result of this duplicate call on the creation of a player index >= 8. This alteration of code forces the game to always skip the second call thus circumventing the crash. Approximately 104 players can be created.

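The byte patches quoted in this thread (the je/jmp at 00681b0d, the two calls to 0072CAE0, and the E9 patch at 0060D64D) are all x86 relative branches. As an added example, not code from any poster, this C decoder recomputes each destination from the quoted bytes so a patch can be checked before it is applied. The function and table names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Decode the destination of one x86-32 relative branch located at `addr`.
   Handles call rel32 (E8), jmp rel32 (E9), jmp rel8 (EB) and jcc rel8 (70..7F).
   Stores the instruction length and target; returns 0, or -1 if the bytes
   are not one of those forms or the buffer is too short. */
int branch_target(uint32_t addr, const uint8_t *code, size_t len,
                  unsigned *insn_len, uint32_t *target) {
    if (len < 2) return -1;
    uint8_t op = code[0];
    if (op == 0xE8 || op == 0xE9) {
        if (len < 5) return -1;
        uint32_t rel = code[1] | code[2] << 8 | code[3] << 16 |
                       (uint32_t)code[4] << 24;
        *insn_len = 5;
        *target = addr + 5 + rel;      /* wraps modulo 2^32, as the CPU does */
        return 0;
    }
    if (op == 0xEB || (op >= 0x70 && op <= 0x7F)) {
        int8_t rel = (int8_t)code[1];  /* rel8 is sign-extended */
        *insn_len = 2;
        *target = addr + 2 + (uint32_t)(int32_t)rel;
        return 0;
    }
    return -1;
}

/* Byte sequences quoted in the thread, with the address each one sits at. */
struct quoted { uint32_t addr; uint8_t bytes[6]; size_t len; const char *note; };
static const struct quoted QUOTED[] = {
    { 0x00681B0D, {0x74, 0x44},                         2, "je (original)" },
    { 0x00681B0D, {0xEB, 0x44},                         2, "jmp (patched)" },
    { 0x0055555E, {0xE8, 0x7D, 0x75, 0x1D, 0x00},       5, "call, normal textures" },
    { 0x00555664, {0xE8, 0x77, 0x74, 0x1D, 0x00},       5, "call, low textures" },
    { 0x0060D64D, {0xE9, 0x9D, 0x00, 0x00, 0x00, 0x90}, 6, "jmp + nop, player limit" },
};

/* Convenience wrapper: target of QUOTED[i], or 0 if it does not decode. */
uint32_t quoted_target(size_t i) {
    unsigned n; uint32_t t;
    if (i >= sizeof QUOTED / sizeof QUOTED[0]) return 0;
    return branch_target(QUOTED[i].addr, QUOTED[i].bytes, QUOTED[i].len, &n, &t) ? 0 : t;
}

int main(void) {
    for (size_t i = 0; i < sizeof QUOTED / sizeof QUOTED[0]; i++)
        printf("%08X %-24s -> %08X\n", (unsigned)QUOTED[i].addr,
               QUOTED[i].note, (unsigned)quoted_target(i));
    return 0;
}
```

For the 0060D64D patch the decoded destination is 0x0060D6EF; the trailing 90 is a one-byte nop filling the sixth overwritten byte.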
CrazyT

found a strange address: 0x858624

this one seems to morph the player somehow ...

the default value is 1.0

if you choose a bigger value the game crashes

if you choose a lower value the player gets smaller.

somehow also the driving speed and other things are influenced by that, too.

J-Fox.GEMM
Finally!

While working on a hunter / hydra mod, I (finally!) found the addresses of the rockets launched by the hunter and hydra.

 

0xC891A8 is the rocket pool start. Each slot has 0x24 (36) bytes of data.

+0x00 - [DWORD] 19 for non-heatseeking rockets, 20 for heatseeking, 58 for flares

+0x04 - [DWORD] pointer to launching vehicle

+0x08 - [DWORD] pointer to target vehicle (when heatseeking), 0 otherwise

+0x0C - Unknown

+0x10 - [byte] 1 = rocket travelling, 0 = rocket exploded / does not exist

+0x11 - Unknown

+0x14 - [Float] is the X position

+0x18 - [Float] is the Y position

+0x1C - [Float] is the Z position

+0x20 - Unknown

 

Max number of elements in the pool is 32.

Please confirm those addresses... tounge.gif

 

Hope i've helped! biggrin.gif

Great finding - but these appear to be read only - correct?

DEagle50AE

 

Great finding - but these appear to be read only - correct?

Well, the only things I've tried to set are launcher address, target address and rocket type - and it's working fine. As for the coords, I guess they're probably read-only, as you said, though I haven't tested it yet...

smile.gif

DEagle50AE

Found another address, finally!

 

CVehicle + 0x22 (short) Car ID from vehicles.ide

 

Confirm this please tounge.gif

Edited by DEagle50AE

J-Fox.GEMM
Great finding - but these appear to be read only - correct?

Well, the only things I've tried to set are launcher address, target address and rocket type - and it's working fine. As for the coords, I guess they're probably read-only, as you said, though I haven't tested it yet...

smile.gif

Well i was trying to fire rockets from a bmx etc which wasn't working lol.gif

 

But i only caused crashes when writing to rocket type or sthin only too. Will have a look at it again later.

DEagle50AE
Well i was trying to fire rockets from a bmx etc which wasn't working lol.gif

 

But i only caused crashes when writing to rocket type or sthin only too. Will have a look at it again later.

LMAO! nice idea biggrin.gif

But I was trying to set the rocket type of an existing rocket, for example, to heatseeking or to a flare - and it worked fine. But again, those are just already existing rockets... dozingoff.gif

Cowpat

A while back I recall someone asking if SA could be run in a window. Unfortunately the search function isn't working at the moment so I can't find it or anything else related. So if this is old hat please forgive me.

 

To run SA in a 'proper' window, ie. has frame and title bar, can be moved, minimized, etc. The cursor is only available in-menu and disappears on the title bar, though it is still there and functioning. Could only get this to work at 640 x 480.

 

This code used in proxy d3d9.dll

 

 

    HRESULT __stdcall myIDirect3D9::CreateDevice(UINT Adapter, D3DDEVTYPE DeviceType, HWND hFocusWindow,
                                                 DWORD BehaviorFlags,
                                                 D3DPRESENT_PARAMETERS* pPresentationParameters,
                                                 IDirect3DDevice9** ppReturnedDeviceInterface)
    {
        if (bWindowedMode)
        {
            pPresentationParameters->Windowed = 1;
            pPresentationParameters->FullScreen_RefreshRateInHz = 0;
        }
        // [Rest of code here] ..
    }

    HRESULT myIDirect3DDevice9::Reset(D3DPRESENT_PARAMETERS* pPresentationParameters)
    {
        if (bWindowedMode)
        {
            pPresentationParameters->Windowed = 1;
            pPresentationParameters->Flags = 0;
            pPresentationParameters->FullScreen_RefreshRateInHz = 0;
            pPresentationParameters->PresentationInterval = 0;
            pPresentationParameters->BackBufferFormat = D3DFMT_UNKNOWN;
            SetWindowLong(pPresentationParameters->hDeviceWindow, GWL_STYLE, WS_OVERLAPPEDWINDOW);
            SetWindowPos(hWnd, HWND_NOTOPMOST, 100, 100,
                         pPresentationParameters->BackBufferWidth,
                         pPresentationParameters->BackBufferHeight,
                         SWP_SHOWWINDOW | SWP_DRAWFRAME);
            bWindowedMode = false;
        }
        // [Rest of code here] ..
    }

 

DexX

here's a hot one:

7115B4 - stencil shadow opacity, i recommend setting it to 09 (default: 06) for results like this:

user posted image

0A is a bit lighter, 08 is a bit darker. 0, is totally and completely opaque.

 

Note that vehicles as seen with the chopper here, will become extremely ugly on their shadowed side. There must be a way to disable self-shadowing, then this would become truly useful.

dustcrazy

Is there any way to run SA at a custom res.? Such as 300x300 or even as low as 150x150(Palm Low Res)

 
